OS Installation
This page will guide you through an installation of freebsd on a hosted root server or vps. We will use the FreeBSD-14.2-RELEASE-amd64-dvd1.iso installer. You can also find VM images and lighter isos on https://www.freebsd.org/where/ We will apply some custom settings during installatin, but the rest of the guide can also be followed with a default FreeBSD 14.x installation as long as you use ZFS as your (root) filesystem.
Starting the installer
After booting from the installation iso, we are greeted with the folloging sceen:
Select Install
If you use a US ANSI keyboard, you can simply select the default option. If you use a ISO keyboard - like most of europe does, select you keyboard layour from the list.
Use whatever you want to identify the host.
We go with the default selection on this screen. Only select the kernel-dbg and lib32 packages.
ZFS
Since we want to use ZFS for all filesystems on this host, we choose the default option: Auto (ZFS). As the bottom message states, running ZFS works best with a lot of ram. But you don’t have to worry if your host has less than 8GB. The OpenZFS documentation states, that the minimum requirement is 2GB. We won’t activate compression or deduplication, so 2-4GB should be enough to get going.
Enter the name for the ZFS Pool which should be created for the root filesystem. You will get the message in the screenshot, if you run the installer on a system which already contains a pool with this name (e.g: if you reinstall the system).
In both cases, select zroot as the name.
On a rootserver or vps with one “disk” attached, these settings are fine. We will be presented additional selections either way.
Select >>> Install
Select stripe. Since we are only given a single storage device on this virtual machine, we cannot utilize any redundancy.
This screen will look different based on the connected disk/storage device. On a virtual host, you usually get only a single option. Select it with the space-key so that the selection shows up as [*] and confirm by selecting OK.
Note
Write down the interface name (vtbd0 in this screenshot). We will need it later.
Confirm by moving the selection with the left arrow-key to YES and press enter. And let the Installer do its thing:
Root Password
Type a password for the root user. We will actually utilize root on this system, so do not use a throw-away password.
Caution
It may not be ovious, because the characters are not visible, but in quite a few web-based console-viewers, pasting values from thee clipboard does not work. We recomment a simple password that is easy to type (but still long enough to not instantly be guessed by scanners) in this stage and change it to something secure, generated by a password manager, as the first step after we’ve set up ssh access.
You will be promted two times for the password.
Network configuration
Again, on a hosted system you probably only have one available interface, select it.
Select Yes.
Unless you have a static ip which you need to assign to the host, select Yes.
We currently do not use ipv6 for this setup, so you can easily disable this option. Select No.
Note
We plan to change this in the future, but currently we keep ipv6 out-of-scope.
Enter the DNS servers you’d like to use, or keep the ones defined by the DHCP server. Confirm with OK.
Timezone
Select your timezone by selecting on of the regions, followed by a country (or additional region).
If the date looks correct, you can select Skip. If it does not show the correct date, double-check if you have selected the correct timezone. If so, you can also set a date here.
Same with the time.
Services & Hardening
Select the following services to start at boot and confirm with OK.
sshdntpddumpdev
We want to activate a few hardening settings - just in case. Select the following options and confirm with OK:
0 hide_uids1 hide_gids2 hide_jail3 reaqd_msgbuf4 proc_debug5 random_pid6 clear_tmp
And let the installre do it’s thing:
User creation
Select Yes. We want to add an additional user which we will use to log into the system.
Enter a username. You can use default values for other options by leaving it empty and pressing Enter. When prompted “Invite into other groups?”. Enter wheel. Members of this group get additional administrative priviledged.
Enter the password for the user.
Caution
Again, keep in mind, that you probably will not be able to paste values in web-based viewers.
Confirm by typing yes or pressing Enter.
Afterwards, you can exit the installer.
And confirm by selecting No.
We are now ready to reboot the system. If you have some administration panel to attach/detach ISOs, detach the installation medium.
Confirm with Reboot.
Caution
If you plan to take a break. Maybe come back to in in a few days, etc. It would be best to shut down the host until you have time to replace the passwords of our user and root with something more complex (unless you already did so).
Access Configuration
Now lets fix the not-so-complex passwords we set for the user accounts.
Log into the machine through SSH (from you personal hosts shell), either through its IP or through a domainname you have assigned to it. Use the name of the user we created in the User Creation step.
ssh psyon@ez1.ezdk.orgthen change the password for that user not that you can paste values to the prompt.
passwdYou’ll get promted to enter you old password and then two times for the new one. The passwords will be invisible.
Note
Use a Password Generator that can generate a passphrase for you. Length trumps any other complexity.
Tip
Test the new password by loging out with exit and loggin in again via SSH. In case something went wrong, log in as root through your hosters console interface and change the password for your user with passwd <username>.
Do the same for the root account. For this, change to the root user with
su -And enter the root password that was set during installation.
Use the same passwd command as before and enter a new (longer) password.
Now we are done with the installation of our base system. We can now move forward to the Host Configuration.